Foreword


Over a period of about three years, Internet applications have evolved quickly, starting as simple information distribution Web sites serving up mostly static HTML content (with a small amount of server-side scripting used to address differences between Web browsers), providing simple site personalization, or being used by search engines as query processors. Today, multitiered, distributed applications use the scripting capabilities of Microsoft Internet Explorer or Netscape Navigator to form Web server-based "middle tier" servers. These applications are often implemented as CGI, ASP, or ISAPI programs accessing database or messaging servers. Replacing legacy client/server applications within corporate internal networks and opening up new strategic business-to-business applications, these applications are beginning to change supply chain systems and provide much more productive ways to collaborate with business partners.

As director of Windows NT security at Microsoft, I've witnessed a corresponding increase in the number and severity of security-related attacks on these Web-based applications. Public interest in security centered on privacy as it relates to financial transactions and identity protection—and the rapid spread of computer viruses capable of compromising data integrity—has increased pressure to make Internet applications and operating systems more secure. I believe three key things need to be done to improve the overall security of these applications. First, system administrators and data center operations staff need increased awareness of security threats and the associated best practices for securing computing systems against these threats. Second, application developers need to build security into their code up front rather than after the fact. Finally, the foundation components, comprising base operating systems (client and server), Internet browsers, Web servers, communication middleware, and database and collaboration servers, need to provide the necessary security functions, eliminating the need for applications to implement them. The high volume of questions on the security-related discussion aliases indicates a growing interest by end users, developers, and IT professionals in understanding and improving the overall security of their systems. The challenge they've faced is that too much information is spread across too many books, white papers, and Web sites for most people to be able to find the information needed in an understandable form. Security education within most college or university computer science curricula focuses on security theory, which addresses only a portion of system security, and industry consulting groups lack the capacity to meet demand.

With Microsoft Windows 2000 and the corresponding releases or availability of Internet Explorer, Internet Information Services (IIS), Exchange, and SQL Server, I believe Microsoft has made significant progress toward offloading security functionality from application developers and helping with security administration. This book goes a long way toward providing the necessary information to administrators and application developers. The combination of "just enough" security theory, security-focused functional descriptions of Internet Explorer, IIS, COM+, and SQL Server, and the pragmatic step-by-step lists for deploying the recommended configurations provide the complete picture required for configuring and monitoring the system for attacks. I highly recommend Designing Secure Web-Based Applications for Microsoft Windows 2000 to every application developer and system administrator. After reading this book, you'll have a much better security awareness and an understanding of how to build secure applications by taking advantage of the security capabilities available in Microsoft products.

Doug Bayer
Director, Windows NT Security

Designing Secure Web-Based Applications for Microsoft Windows 2000 with CDROM
Year: 1999
Pages: 138